<!DOCTYPE HTML>
<html>
<head>
    <title>no default src doesn't behave exactly like *</title>
    <meta name="timeout" content="long">
    <script src='/resources/testharness.js'></script>
    <script src='/resources/testharnessreport.js'></script>
    <script src="../support/alertAssert.sub.js?alerts=[]">    </script>
    <script src='positiveTest.js'></script>
    <!-- enforcing policy: foobar; report-uri ...
    -->
</head>
<body>
    <h1>no default src doesn't behave exactly like *</h1>
    This page has a CSP header but an unknown directive.
    This should have no impact on an img loaded from a data:
    uri, or an inline script, although that would be blocked by a default-src policy of *.
    <br>
    <img src=''>
    <script>
      setup({ explicit_done: true });

      test(function() {
        assert_true(window.cspPositiveTest);
      }, "Allows scripts from the same host.");
    </script>

    <div id='log'></div>

    <script>
      var script = document.createElement('script');
      script.src = '../support/checkReport.sub.js?reportExists=false';
      script.async = true;
      script.defer = true;
      script.addEventListener('load', function() {
        done();
      });
      document.body.appendChild(script);
    </script>
</body>
</html>
